GetLetFlow

Privacy Policy

Last updated: 30 March 2026

1. Who we are

Get Let Flow is a property management platform for UK landlords. When we say "we", "us" or "our" in this policy, we mean Get Let Flow. We are the data controller for the personal data described below.

If you have questions about this policy or your data, email us at admin@getletflow.co.uk.

2. What data we collect

We collect the following personal data:

  • Account information: your name and email address when you sign up.
  • Property and tenancy data: property addresses, tenant names, contact details, rent amounts, deposit information, and tenancy dates that you enter into the platform.
  • Uploaded documents: certificates, tenancy agreements, and other files you upload.
  • Usage data: how you interact with the platform, including pages visited and features used.
  • Payment data: billing information processed by our payment provider Stripe. We do not store your card details.

3. How we use your data

We process your data for the following purposes:

  • To provide and maintain the Get Let Flow service.
  • To send you compliance reminders, certificate expiry alerts, and rent notifications.
  • To process payments and manage your subscription.
  • To respond to your support requests.
  • To improve the platform and develop new features.

4. Legal basis for processing

Under UK GDPR, we rely on the following legal bases:

  • Contract: processing necessary to provide the service you signed up for.
  • Legitimate interests: improving our service, preventing fraud, and ensuring security.
  • Legal obligation: where we are required to retain data by law.
  • Consent: for optional analytics cookies (you can withdraw consent at any time).

5. Who we share data with

We share data only with the following third-party processors who help us deliver the service:

  • Supabase (database and authentication) — hosted in the EU.
  • Vercel (hosting) — data processed in accordance with their DPA.
  • Stripe (payments) — PCI DSS compliant.
  • Resend (email delivery) — for transactional emails only.
  • Anthropic (AI assistant) — prompts are not used to train models.

We do not sell your personal data to anyone.

6. Data retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain it (e.g. financial records for up to 6 years).

Uploaded documents are stored securely and deleted when you remove them or close your account.

7. Your rights

Under UK GDPR, you have the right to:

  • Access your personal data.
  • Rectify inaccurate data.
  • Erase your data (right to be forgotten).
  • Restrict processing of your data.
  • Data portability — receive your data in a structured format.
  • Object to processing based on legitimate interests.
  • Withdraw consent for optional processing at any time.

To exercise any of these rights, email admin@getletflow.co.uk. We will respond within 30 days.

8. Security

We use industry-standard security measures including encryption in transit (TLS), encryption at rest, row-level security on our database, and secure authentication via magic links (no passwords stored).

9. International transfers

Your data may be processed outside the UK by our service providers. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the ICO.

10. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

11. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes by email or through the platform.

This policy is provided for informational purposes and does not constitute legal advice. We recommend consulting a solicitor for advice specific to your circumstances.